Course Information

18-739N: Special Topics in Security: Architectures for System and Network Security

Units:

Variable

Description:

Both computer systems and networks depend on architecture primitives for the protection of their security and integrity properties in the persistent presence of an adversary; e.g., malware controlled by a remote entity. This seminar will review hardware and software architectures for the development of end-to-end secure systems and networks. In particular, we will examine how fundamental security notions of isolation, reference mediation, verifiable computation and system objects (e.g., memory content and state) can/not be supported by current system and network architectures. Security abstractions such as encapsulated program modules, isolated I/O channels, (micro) kernels, security and separation kernels, and (micro) hypervisors, and their formal composition will be discussed. Special emphasis will be placed hardware modules, such as the TPM and Intel’s SGX, and their use in building systems and network components with formally verified properties. The seminar will also cover several network security architectures, including secure network front-ends and middleboxes, and security protocols, such as DNSSEC and source authentication, and their use to support network security policies. Proposals for a future Internet architectures will also be covered.

Students will present a critique research papers, develop their own projects, or participate in group projects, and learn how to use a variety of tools for designing and implementing secure system and network components.

The seminar is open to both graduate and undergraduate students whose are particularly interested in systems and network design and programming.